What are the common encryption methods in WEB development

Information security gets more attention every year, and the various kinds of encryption used in web development matter more than they used to. When a client talks to a server, the data in transit has to be protected so that whoever captures it can neither read it nor tamper with it. HTTPS is the first layer; on top of it, applications often encrypt, sign or hash the data they exchange themselves, for example when a field must stay confidential or when a request must carry a signature the other side can check. This article surveys the common methods.

One-way hashing

A one-way hash function maps an input of arbitrary length to a fixed-length output (the digest) in such a way that recovering the input from the output is computationally infeasible. It is often called hash encryption, but nothing is encrypted and there is no key: the transformation is not meant to be reversed. It is widely used for sensitive data such as user passwords and request parameters, and for file integrity checks. It is what we use to store user passwords in our own development.

Common one-way hash algorithms are:

  • MD5 (128-bit digest; collisions can be produced in practice, so it is only acceptable for non-adversarial checksums)
  • SHA (SHA-1 is deprecated for the same reason; the SHA-2 family, SHA-256 and SHA-512, is the current choice)
  • MAC (a keyed hash such as HMAC; strictly not a plain hash, since only holders of the key can compute or check it, which is what makes it usable for signing request parameters)
  • CRC (a checksum, not a cryptographic hash; it catches accidental corruption but is trivially forged)

The advantages of a one-way hash (taking MD5 as the example):

  • Convenient storage: every digest has the same fixed size (128 bits for MD5, written as 32 hexadecimal characters), so a fixed-width column can hold it.
  • Low cost: hashing is cheap, with negligible performance impact.
  • File integrity: a 32-character digest is enough to check whether a huge file has changed.
  • Irreversible: the input cannot be recovered from the digest, as long as the input is not guessable (see below).

The disadvantage is that a hash of a guessable input can be brute-forced: an attacker hashes candidate passwords, or looks the digest up in a precomputed table, and an unsalted database lets one table crack every account at once. Always add a random per-user salt, and for passwords use a deliberately slow algorithm. Hash collisions are the other problem: two different inputs with the same digest. For MD5 (and SHA-1) colliding inputs can be produced at will, which is what is meant by MD5 being cracked, so neither belongs in signatures or in integrity checks against an adversary.

For PHP developers, plain md5() is not recommended for passwords. Use password_hash() to store them instead. It applies a deliberately slow one-way algorithm (currently bcrypt for PASSWORD_DEFAULT), generates a random salt, and packs algorithm, cost, salt and digest into one string, so password_verify() can check a submitted password with no extra bookkeeping. The cost option sets the work factor; 12 is a reasonable value today, and it can be raised later because password_needs_rehash() reports when a stored hash is below the current setting.

Sample code:

// Hash the password for storage
$password = '123456';
$passwordHash = password_hash(
    $password,
    PASSWORD_DEFAULT,
    ['cost' => 12]
);

// Verify a submitted password against the stored hash
if (password_verify($password, $passwordHash)) {
    // Success
} else {
    // Fail
}
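An added example (mine, not code from the original article) that makes the two weaknesses above concrete: an unsalted md5() column is cracked in bulk with one precomputed table, a per-user random salt defeats that table, and password_hash() adds the slow algorithm on top, with password_needs_rehash() to raise the cost later. The users, passwords and word list are constructed for the demo; the function names are my own.

```php
<?php
// Added example, not from the original article: why storing md5($password)
// fails, how a per-user salt changes the attacker's cost, and how
// password_hash()/password_verify()/password_needs_rehash() fit into a login.
// Users, passwords and the word list below are constructed for the demo.
declare(strict_types=1);

// A small "leaked passwords" word list of the kind attackers precompute tables from.
const WORDLIST = ['123456', 'password', 'qwerty', 'letmein', 'iphone11'];

/** hash => plaintext, computed once and reusable against every unsalted database. */
function md5Table(array $words): array
{
    $table = [];
    foreach ($words as $w) {
        $table[md5($w)] = $w;
    }
    return $table;
}

/** Cracks every user whose md5 appears in the table with a single array lookup each. */
function crackUnsalted(array $md5Column, array $table): array
{
    $cracked = [];
    foreach ($md5Column as $user => $hash) {
        if (isset($table[$hash])) {
            $cracked[$user] = $table[$hash];
        }
    }
    return $cracked;
}

/** Per-user random salt: the same password gives a different hash for every user. */
function saltedHash(string $password, string $salt): string
{
    return hash('sha256', $salt . $password);
}

/** Login that upgrades a stored hash when its cost falls below the current target. */
function login(string $password, string &$storedHash, int $targetCost = 12): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, ['cost' => $targetCost])) {
        $storedHash = password_hash($password, PASSWORD_DEFAULT, ['cost' => $targetCost]);
    }
    return true;
}

// --- demo ---
$users = ['alice' => '123456', 'bob' => 'iphone11', 'carol' => 'correct horse battery staple'];
$table = md5Table(WORDLIST);

// 1. Unsalted md5: alice and bob fall to one precomputed table; carol survives
//    only because her password is not in the list.
$cracked = crackUnsalted(array_map('md5', $users), $table);
printf("unsalted md5: cracked %d of %d accounts: %s\n",
    count($cracked), count($users), json_encode($cracked));

// 2. Salted sha256: nothing in the table matches, and two users sharing a
//    password would still get different hashes, so each must be attacked alone.
$saltedColumn = [];
foreach ($users as $name => $pw) {
    $salt = bin2hex(random_bytes(16));
    $saltedColumn[$name] = ['salt' => $salt, 'hash' => saltedHash($pw, $salt)];
}
$hits = 0;
foreach ($saltedColumn as $row) {
    $hits += isset($table[$row['hash']]) ? 1 : 0;
}
printf("salted sha256: precomputed-table hits = %d\n", $hits);
// Salted sha256 is still fast to brute-force per user; that is why
// password_hash() uses a deliberately slow algorithm (bcrypt by default).

// 3. password_hash() in a login flow, with a transparent cost upgrade.
$stored = password_hash('123456', PASSWORD_DEFAULT, ['cost' => 10]); // legacy, lower cost
var_dump(login('123456', $stored, 12));          // correct password: succeeds, $stored re-hashed at cost 12
var_dump(password_get_info($stored)['options']); // shows the cost now stored in the hash
var_dump(login('wrong-password', $stored, 12));  // wrong password: fails, hash untouched
```

The salt in step 2 is stored next to the hash in the clear; it does not need to be secret, only unique per user. What it cannot do is slow the attacker down, which is the job of the cost parameter in step 3.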

Symmetric encryption

Symmetric encryption uses the same key to encrypt and to decrypt. It suits bulk data and sensitive fields that must stay confidential. In our development it is commonly used on interface parameters exchanged with a partner, which are encrypted, or signed, with a secret shared by both sides (signing is strictly the job of a keyed hash such as HMAC, the MAC of the previous section, rather than of the cipher itself).

Common symmetric encryption algorithms are:

  • DES
  • AES

AES is the successor to DES. DES has an effective 56-bit key, which is brute-forceable on modern hardware, while AES offers 128-, 192- and 256-bit keys, more modes of operation, hardware acceleration on most CPUs, and is the current standard. Both are block ciphers, so the mode of operation (ECB, CBC, GCM, ...) matters as much as the choice of cipher.

The advantages of symmetric encryption are that the algorithm is open, the amount of calculation is small, the encryption speed is fast, and the encryption efficiency is high.

The disadvantage is that sender and receiver must agree on the key beforehand and each must store it securely, so key distribution and management become a burden on both sides.

The security of a symmetric algorithm rests entirely on the key: whoever obtains it can decrypt every message either side sends or receives, and can forge messages too. Keeping the key confidential is therefore essential to the security of the communication.

PHP example

// DES encryption
$key = '123kils1321dshfdsvcxpUsdaq23'; // secret key (DES uses an 8-byte key; longer input is silently truncated)
$data = 'name=iphone11&order_id=201233232323123&price=3357&num=2'; // plaintext to encrypt
$encryptedData = openssl_encrypt($data, 'DES-ECB', $key, 0); // options 0: output is base64-encoded
echo $encryptedData;

Using PHP's built-in openssl_encrypt(), DES-ECB encryption of the data gives the following (base64, because the options argument is 0 rather than OPENSSL_RAW_DATA):

oc3PdhugNue/t3i8HfXjd9YUP9BnTLg0Re9R1u2fsZr0jU2hIpCIjR0bruAwNSIGkqulrNHGYm8=

After receiving the ciphertext, the other party decrypts it with openssl_decrypt() using the same key and cipher:

$key = '123kils1321dshfdsvcxpUsdaq23'; // the same secret key
$ciphertext = 'oc3PdhugNue/t3i8HfXjd9YUP9BnTLg0Re9R1u2fsZr0jU2hIpCIjR0bruAwNSIGkqulrNHGYm8=';
$de = openssl_decrypt($ciphertext, 'DES-ECB', $key, 0); // returns false if key or ciphertext is wrong
echo $de;

Running it prints the decrypted result:

name=iphone11&order_id=201233232323123&price=3357&num=2

DES-ECB names the cipher (DES) and the mode (ECB). The full list your OpenSSL build supports is returned by openssl_get_cipher_methods(); see the PHP manual: https://www.php.net/manual/zh/function.openssl-get-cipher-methods.php

A caveat before copying this into production code. DES is obsolete (56-bit effective key), and on OpenSSL 3 single DES has been moved to the legacy provider, so the call above may simply return false there. ECB mode encrypts each block independently, so identical plaintext blocks produce identical ciphertext blocks and an attacker can recognise or reorder them. A key longer than the cipher's key size, like the 28-character one above, is silently truncated to its first 8 bytes. And ECB gives no integrity protection: the recipient cannot tell a modified ciphertext from a genuine one, it just decrypts to garbage or, worse, to attacker-chosen blocks. Prefer AES in an authenticated mode such as AES-256-GCM with a fresh random IV for every message.
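An added example (mine, not code from the original article) that covers both symmetric-key jobs this section mentions: signing interface parameters with a shared secret, which is a keyed hash (HMAC-SHA256) rather than encryption, and encrypting them with AES-256-GCM, an authenticated mode, in place of DES-ECB. It first shows the ECB leak using AES-128-ECB, because the mode rather than the cipher causes it (and single DES needs OpenSSL's legacy provider on OpenSSL 3). The parameters, keys, canonical query-string form, timestamp window and all function names are assumptions made for the demo.

```php
<?php
// Added example, not from the original article. Parameters, keys and the
// canonical form are constructed for the demo; real keys come from
// random_bytes() once and live in configuration, not in source.
declare(strict_types=1);

$params = ['name' => 'iphone11', 'order_id' => '201233232323123', 'price' => '3357', 'num' => '2'];

// 1. Why ECB leaks: two identical plaintext blocks give two identical ciphertext
//    blocks, so any structure in the plaintext shows through. AES-128 blocks are
//    16 bytes; DES would show the same with 8-byte blocks.
function ecbLeak(string $key): bool
{
    $block = 'ABCDEFGHIJKLMNOP';                           // exactly one 16-byte block
    $raw = openssl_encrypt($block . $block, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
    return substr($raw, 0, 16) === substr($raw, 16, 16);  // true: ciphertext blocks repeat
}

// 2. Signing parameters with a shared secret (HMAC-SHA256). Canonical form:
//    keys sorted, joined as a query string, plus a timestamp so a captured
//    request cannot be replayed indefinitely.
function canonical(array $params): string
{
    ksort($params);
    return http_build_query($params);
}

function signParams(array $params, string $secret, int $now): array
{
    $params['timestamp'] = (string) $now;
    $params['sign'] = hash_hmac('sha256', canonical($params), $secret);
    return $params;
}

function verifyParams(array $signed, string $secret, int $now, int $maxSkew = 300): bool
{
    if (!isset($signed['sign'], $signed['timestamp'])) {
        return false;
    }
    if (abs($now - (int) $signed['timestamp']) > $maxSkew) {
        return false;                                     // stale or replayed
    }
    $sign = (string) $signed['sign'];
    unset($signed['sign']);
    $expected = hash_hmac('sha256', canonical($signed), $secret);
    return hash_equals($expected, $sign);                 // constant-time comparison
}

// 3. Encrypting parameters with AES-256-GCM: confidentiality plus an
//    authentication tag, so tampering is detected instead of decrypted.
function encryptParams(string $plaintext, string $key): string
{
    $iv = random_bytes(12);                               // fresh 96-bit nonce per message
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);               // tag is 16 bytes by default
}

function decryptParams(string $blob, string $key): ?string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        return null;
    }
    $iv = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct = substr($raw, 28);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;                    // false means the tag did not verify
}

// --- demo ---
var_dump(ecbLeak('0123456789abcdef'));                    // AES-128 key is exactly 16 bytes

$secret = random_bytes(32);
$now = time();
$signed = signParams($params, $secret, $now);
var_dump(verifyParams($signed, $secret, $now));           // genuine request: accepted
$tampered = $signed;
$tampered['price'] = '1';                                 // attacker lowers the price
var_dump(verifyParams($tampered, $secret, $now));         // signature no longer matches
var_dump(verifyParams($signed, $secret, $now + 3600));    // replayed an hour later: outside the window

$key = random_bytes(32);                                  // AES-256 key is exactly 32 bytes
$blob = encryptParams(http_build_query($params), $key);
var_dump(decryptParams($blob, $key));                     // original query string comes back
$raw = base64_decode($blob);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 0x01);               // flip one ciphertext bit
var_dump(decryptParams(base64_encode($raw), $key));       // null: GCM tag rejects the change
```

The HMAC and the GCM tag solve the same problem from different directions: the signature lets the server reject a request whose price was changed in transit, and the tag lets it reject a ciphertext that was modified, neither of which DES-ECB in the article's example can do. The timestamp check is deliberately simple; a production service would also reject a previously seen signature within the window.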

Asymmetric encryption

Asymmetric encryption uses a pair of keys, a public key and a private key, rather than one shared key. Data encrypted with the public key can only be decrypted with the private key, and a signature made with the private key can be verified by anyone who holds the public key. It suits scenarios with high security requirements and small amounts of data, such as payment data and the CA-issued digital certificates behind HTTPS.

The common asymmetric algorithm is RSA. RSA2 is not a different cipher: it is the name used by Alipay (Ant Financial) for RSA signatures over SHA-256 (SHA256withRSA), as opposed to RSA, which in the same naming means SHA1withRSA.

The advantage of asymmetric encryption is that no secret has to be shared in advance, which is a better security property than symmetric encryption offers. Encryption and decryption use different keys, and the two keys complement each other: what the public key encrypts only the private key can decrypt, and what the private key signs the public key can verify.

The disadvantage is speed: asymmetric operations are orders of magnitude slower than a symmetric cipher, so they are only used on small amounts of data. In practice they encrypt a symmetric key or sign a hash rather than the payload itself.

RSA2 is stronger than RSA only because of the hash: SHA-1 is deprecated for signatures, SHA-256 is not. Ant Financial (Alipay) and Sina Weibo use the RSA2 variant.

Create the key pair (2048-bit RSA; the first command writes the private key, the second derives the public key from it):

openssl genrsa -out private_key.pem 2048
openssl rsa -in private_key.pem -pubout -out public_key.pem

Running the two commands produces private_key.pem and public_key.pem. Keep the private key secret, outside the web root and readable only by the application; the public key is the one you hand to the other party.

We will explain the specific sample code in a follow-up article, so stay tuned.
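As an added example of my own (not the follow-up article referred to above), here is RSA signing and verification with SHA-256 (the RSA2 of the text) next to SHA-1 (RSA), plus public-key encryption of a short secret, which is also the server half of the front-end flow in the next section: the browser encrypts with the public key, the server decrypts with the private key. The key pair is generated in memory so the script is self-contained; loading the PEM files created above with openssl_pkey_get_private('file://private_key.pem') works the same way. The canonical parameter string and the function names are assumptions for the demo, not any payment provider's exact format.

```php
<?php
// Added example, not from the original article. Parameters and the canonical
// form are constructed for the demo; the key pair is generated in memory.
declare(strict_types=1);

/** Returns [private PEM, public PEM]; equivalent to the two openssl commands above. */
function makeKeyPair(int $bits = 2048): array
{
    $res = openssl_pkey_new(['private_key_bits' => $bits, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    if ($res === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    openssl_pkey_export($res, $privatePem);                 // unencrypted PEM private key
    $publicPem = openssl_pkey_get_details($res)['key'];      // matching PEM public key
    return [$privatePem, $publicPem];
}

/** Sorted key=value&... string, the usual input to an API signature (demo format). */
function canonical(array $params): string
{
    ksort($params);
    return http_build_query($params);
}

/** RSA signature over SHA-256 ("RSA2") or SHA-1 ("RSA"), base64 for transport. */
function rsaSign(array $params, string $privatePem, int $algo = OPENSSL_ALGO_SHA256): string
{
    if (!openssl_sign(canonical($params), $signature, $privatePem, $algo)) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    return base64_encode($signature);
}

function rsaVerify(array $params, string $signatureB64, string $publicPem, int $algo = OPENSSL_ALGO_SHA256): bool
{
    $sig = base64_decode($signatureB64, true);
    if ($sig === false) {
        return false;
    }
    // openssl_verify returns 1 (valid), 0 (invalid) or -1 (error); only 1 counts.
    return openssl_verify(canonical($params), $sig, $publicPem, $algo) === 1;
}

/** Encrypt a short secret (a password, a session key) to the holder of the private key. */
function encryptToPublic(string $plaintext, string $publicPem): string
{
    if (!openssl_public_encrypt($plaintext, $ct, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return base64_encode($ct);
}

function decryptWithPrivate(string $ctB64, string $privatePem): ?string
{
    $ct = base64_decode($ctB64, true);
    if ($ct === false || !openssl_private_decrypt($ct, $pt, $privatePem, OPENSSL_PKCS1_OAEP_PADDING)) {
        return null;                                        // wrong key or mangled ciphertext
    }
    return $pt;
}

// --- demo ---
[$priv, $pub] = makeKeyPair();
$params = ['order_id' => '201233232323123', 'price' => '3357', 'num' => '2'];

$sig = rsaSign($params, $priv);                             // RSA2: SHA256withRSA
var_dump(rsaVerify($params, $sig, $pub));                   // genuine: accepted
$altered = $params;
$altered['price'] = '1';
var_dump(rsaVerify($altered, $sig, $pub));                  // altered price: rejected
var_dump(rsaVerify($params, $sig, $pub, OPENSSL_ALGO_SHA1)); // RSA2 signature checked as RSA: rejected

$sigSha1 = rsaSign($params, $priv, OPENSSL_ALGO_SHA1);      // legacy "RSA" (SHA1withRSA)
var_dump($sigSha1 !== $sig);                                // different digest, different signature

$box = encryptToPublic('123456', $pub);                     // e.g. browser -> server login
var_dump(decryptWithPrivate($box, $priv));                  // server recovers the password
[$otherPriv] = makeKeyPair();
var_dump(decryptWithPrivate($box, $otherPriv));             // wrong private key: null
```

OAEP padding is used for the encryption half because the older PKCS#1 v1.5 padding is vulnerable to padding-oracle attacks when an attacker can submit ciphertexts and observe failures, which a login endpoint lets them do. The signature half never touches the payload directly: it signs the hash of the canonical string, which is why the choice of hash (SHA-1 vs SHA-256) is the whole difference between RSA and RSA2.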

 

Front-end encryption

Front-end developers may care about JavaScript encryption in the browser. A web login form is usually submitted to the server with a form POST or Ajax. To keep the password from being read if the request is captured, some sites encrypt it with RSA in the browser (using the server's public key) before submitting it, and the server decrypts it with its private key. Large sites such as Taobao, JD and Sina do this. Two caveats: it is defence in depth, not a substitute for HTTPS, because the JavaScript and the public key themselves arrive over the same channel and can be swapped by anyone able to tamper with it; and hashing the password in the browser instead does not help, since the hash then simply becomes the credential.

There are also many ready-made js libraries for front-end encryption, such as:

JS-RSA: jsencrypt, a JavaScript library for RSA encryption, decryption and key generation that works with OpenSSL-format keys, https://github.com/travist/jsencrypt

MD5: a JavaScript MD5 one-way hash library (fine for checksums; it does not make a password safer to transmit, see above), https://github.com/blueimp/JavaScript-MD5

crypto-js: a JavaScript library of symmetric ciphers including AES, https://github.com/brix/crypto-js

This article comes from helloweba.net

Link: https://www.helloweba.net/news/629.html

Origin blog.csdn.net/z3287852/article/details/113421274